By Topic

Explore More

Customer Success

We know that successful customers don’t just require great products but also training, education and flawless implementations. That’s why we’ve created the Legendary Customer Success program because we want our customers to be legends.

GDPR + Cybercrime: Is Email Part Of Your Compliance Strategy?

Crippling financial penalties and strict new privacy rules have grabbed most of the EU General Data Protection Act (GDPR) headlines so far. This is no surprise, given the sweeping nature of the act, but ahead of the May 2018 implementation date, it’s important to look at some of the more detailed compliance requirements, especially for email.

A key tenet of the GDPR – that organizations must respond in a timely manner to Subject Access Requests (SARs), inquiries from EU residents about the location and processing of their personal data, as well as to requests that it be erased – will likely force a sea-change in how organizations manage all data, personal or otherwise.

In the meantime, little’s been said about the challenges of overhauling privacy in the current era of phishing and ransomware. The two developments – growing regulatory burdens and the increasingly volatile threat landscape – put organizations in a double bind. The GDPR emerged in part as a response to the growing cybercrime threat, yet its directives to retool organizational policies, processes and structures stand to compound the burdens of well-intentioned organizations.

To manage the dual risks of GDPR compliance and cybercrime, you need to focus on email security and governance. Here are some guidelines for formulating such a strategy:

Review your email infrastructure

Over 90 percent of phishing cybercrime exploits begin with email, making it the single biggest threat vector to organizations and the data they manage. Furthermore, not only are emails a common vehicle to share and exchange personal data, email servers are prime repositories for such data as names, email addresses and associated contact information.

Implement strong search and e-discovery

To suit GDPR mandates for reporting on and deleting personal data upon request, your email infrastructure needs to streamline search and e-discovery. A robust complement of case management tools – early case assessment, search and saved search, legal hold application, retention adjustments, and export, to name a few – will also expedite your ability to respond effectively to requests.

Educate and inform your mailbox holders

One careless click can undermine even the most capable security or governance infrastructure. This makes social engineering exploits such as phishing and impersonation attacks so devastatingly effective. A well-informed workforce is an essential component of an effective GDPR compliance strategy. Every user in your domain must be vigilant against the onslaught of email-based attacks, and play a vital role in notifying your Data Protection Officer (DPO) of any suspected privacy breaches.

No matter where your organization is based, if you manage or process personal data associated with EU residents, you will be impacted by the GDPR. Managing against GDPR penalties involves securing and tightly controlling your email servers and archives. The countdown to prepare has begun.